unins000.exe

The executable unins000.exe has been detected as malware by 41 anti-virus scanners. This is the uninstaller utility registered in the Windows Control Panel for the program Foxit Reader by Foxit Corporation. The file is most likely infected with the Neshta virus, a Russian virus that gathers system information and sends it to a remote command and control server.
MD5:
22d5502cae207714845af039b571e518

SHA-1:
7cf5621136aa18c698bd02de9e257591eb2e9632

SHA-256:
bfe9d19ca5840d7de3aa786f3ccf307d2d45eb505d6401d79bd339a3c644ecae

Scanner detections:
41 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/19/2024 12:57:07 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Neshta.A | 701 |
| Agnitum Outpost | Win32.Neshta.A | 7.1.1 |
| AhnLab V3 Security | Win32/Neshta | 15.03.06 |
| Avira AntiVirus | W32/Neshta.A | 7.11.147.190 |
| avast! | Win32:Apanas [Trj] | 2014.9-150306 |
| AVG | Worm/Delf | 2016.0.3179 |
| Baidu Antivirus | Virus.Win32.Neshta.$a | 4.0.3.1536 |
| Bitdefender | Win32.Neshta.A | 1.0.20.325 |
| Bkav FE | W32.NeshtaB.PE | 1.3.0.4959 |
| Clam AntiVirus | W32.Neshuta.A | 0.98/211 |
| Comodo Security | Win32.Neshta.A | 18226 |
| Dr.Web | Win32.HLLP.Neshta | 9.0.1.065 |
| Emsisoft Anti-Malware | Win32.Neshta | 8.15.03.06.05 |
| ESET NOD32 | Win32/Neshta | 9.9762 |
| Fortinet FortiGate | W32/Neshta.A | 3/6/2015 |
| F-Prot | W32/HLLP.41472 | v6.4.7.1.166 |
| F-Secure | Win32.Neshta.A | 11.2015-06-03_6 |
| G Data | Win32.Neshta | 15.3.24 |
| IKARUS anti.virus | Virus.Win32.Neshta | t3scan.1.6.1.0 |
| K7 AntiVirus | Virus | 13.177.11984 |
| Kaspersky | Virus.Win32.Neshta | 14.0.0.2389 |
| McAfee | W32/HLLP.41472.e | 5600.6835 |
| Microsoft Security Essentials | | 1.10502 |
| MicroWorld eScan | Win32.Neshta.A | 16.0.0.195 |
| NANO AntiVirus | Trojan.Win32.Neshta.cwfstr | 0.28.0.59608 |
| Norman | Neshta.C | 11.20150306 |
| nProtect | Virus/W32.Neshta | 14.05.04.01 |
| Panda Antivirus | W32/Neshta.A | 15.03.06.05 |
| Qihoo 360 Security | Virus.Win32.Neshta.B | 1.0.0.1015 |
| Quick Heal | W32.Neshta.A | 3.15.14.00 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.3.6.5 |
| Rising Antivirus | PE:Win32.Netsha.a!411233 | 23.00.65.15304 |
| Sophos | W32/Bloat-A | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-FlyStudio | 10015 |
| Total Defense | Win32/Neshta.A | 37.0.10920 |
| Trend Micro House Call | PE_NESHTA.A | 7.2.65 |
| Trend Micro | PE_NESHTA.A | 10.465.06 |
| Vba32 AntiVirus | Virus.Win32.Neshta.a | 3.12.26.0 |
| VIPRE Antivirus | Virus.Win32.Neshta.a | 28916 |
| ViRobot | Win32.Neshta.B | 2011.4.7.4223 |
| Zillya! Antivirus | Virus.Neshta.Win32.1 | 2.0.0.1779 |

File size:
1.9 MB (1,943,616 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\foxit software\foxit reader\unins000.exe

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:mVN4kkKF3hDXq8xeidJLvktRskkkkJBcTgoALoyo52ZEdB+gebQHClnUMlGCvx9B:mT90D3D2wBafl/

Entry address:
0x80E4

Entry point:
55, 8B, EC, 83, C4, E0, 33, C0, 89, 45, E0, 89, 45, E8, 89, 45, E4, 89, 45, EC, B8, 54, 80, 40, 00, E8, 12, BE, FF, FF, 33, C0, 55, 68, 20, 82, 40, 00, 64, FF, 30, 64, 89, 20, B8, A8, 91, 40, 00, B9, 0B, 00, 00, 00, BA, 0B, 00, 00, 00, E8, 5C, EF, FF, FF, B8, B4, 91, 40, 00, B9, 09, 00, 00, 00, BA, 09, 00, 00, 00, E8, 48, EF, FF, FF, B8, C0, 91, 40, 00, B9, 03, 00, 00, 00, BA, 03, 00, 00, 00, E8, 34, EF, FF, FF, B8, DC, 91, 40, 00, B9, 03, 00, 00, 00, BA, 03, 00, 00, 00, E8, 20, EF, FF, FF, A1, 10, 92, 40...

Entropy:
5.7196

Developed / compiled with:
Microsoft Visual C++

Code size:
29 KB (29,696 bytes)

Program Uninstaller
Program name:
Foxit Reader

Display publisher:
Foxit Corporation

Display version:
6.2.0.429

Uninstall string:
"C:\Program Files (x86)\Foxit Software\Foxit Reader\unins000.exe"

